
VIRTUAL PRIVATE NETWORK ACCESS APPLICATION

A PROJECT REPORT

Submitted by

RAVI KUMAR M (720715205055)
SUGIL M (720715205067)
VIGNESHWARAN R (720715205074)
VIGNESHWARAN R (720715205075)

in partial fulfillment for the award of the degree of

BACHELOR OF TECHNOLOGY
in

INFORMATION TECHNOLOGY
HINDUSTHAN COLLEGE OF ENGINEERING AND TECHNOLOGY

COIMBATORE-641032
ANNA UNIVERSITY: CHENNAI 600 025
APRIL 2019
ANNA UNIVERSITY: CHENNAI 600 025

BONAFIDE CERTIFICATE

Certified that this project report “VIRTUAL PRIVATE NETWORK ACCESS
APPLICATION” is the bonafide work of “RAVIKUMAR M (720715205055),
SUGIL M (720715205067), VIGNESHWARAN R (720715205074), and
VIGNESWARAN R (720715205075)” who carried out the project work under my
supervision.

SIGNATURE
Dr. S. SARAVANA SUNDARAM, M.E., Ph.D.
HEAD OF THE DEPARTMENT
Professor,
Dept of Information Technology,
Hindusthan College of Engineering and Technology,
Coimbatore-641 032

SIGNATURE
Dr.D.RASI, M.E.,
SUPERVISOR
Assistant Professor,
Dept of Information Technology,
Hindusthan College of Engineering and Technology,
Coimbatore-641 032

Submitted for the University Viva-Voce conducted on _____________

INTERNAL EXAMINER EXTERNAL EXAMINER


DECLARATION
We hereby jointly declare that the project work entitled “VIRTUAL
PRIVATE NETWORK ACCESS APPLICATION” submitted to Anna
University, in partial fulfilment for the award of the degree of BACHELOR
OF TECHNOLOGY in INFORMATION TECHNOLOGY, is a report of the
original project work done by us under the guidance of Dr.D.Rasi, M.E., Assistant
Professor, Department of Information Technology, Hindusthan College of
Engineering and Technology, Coimbatore.

NAME SIGNATURE
RAVI KUMAR M ___________

SUGIL M ___________

VIGNESHWARAN R ___________

VIGNESHWARAN R ___________

Place: Coimbatore
Date:

PROJECT GUIDE
Dr.D.RASI, M.E.,
Assistant Professor,
Dept of Information Technology
Hindusthan College of Engineering
And Technology, Coimbatore-32
ACKNOWLEDGEMENT
We express our sincere thanks to God Almighty, the guiding light of
our life, for giving us the potency and courage to complete this project successfully.

We extend our sincere thanks to the Managing Trustee of Hindusthan
Educational and Charitable Trust, Thiru T.S.R.Kannaiyan, for providing
essential infrastructure.

We thank our Principal, Dr.Kannadasan, M.Tech., Ph.D., for being the
source of inspiration during our course of study.

We express our deep sense of gratitude and sincere thanks to our Head of the
Department, Dr.S.Saravanasundaram, Ph.D., who has been a spark for
enlightening our knowledge, for guiding us with constructive criticism and fruitful
suggestions for improvements in our project.

We extend our sincere thanks to our Project Coordinator,
Mrs.N.Yamuna, M.E., Assistant Professor, Department of Information
Technology, for her valuable suggestions and technical support.

We express our deepest, heartiest and sincere thanks to our Project Guide,
Dr.D.RASI, M.E., Ph.D., Assistant Professor, Department of Information
Technology, for her continuous support, valuable guidance and encouragement
throughout the entire course of our work.

We convey our inmost gratitude to our staff members for their competent
support in the execution of work.

We thank our College Library for providing us with many informative
books that helped us to enrich our knowledge to bring out the project successfully.

We would like to thank our Parents and our Family members for their
motivation during our project and all our friends who co-operated and helped us for
their part to complete the project successfully.

We also thank all those who have rendered help directly and indirectly at
various stages of the project work.
ABSTRACT

Computer security has become one of the most important concerns in the entire discipline of
computing. The recent explosive growth of the Internet and the World Wide Web has brought with it
a need to protect sensitive communications over open networks. In the past, security violations
were generally committed by young adults, just for fun. But as technology and usage of the internet
have increased, there is always the threat of planned attack (cyber terrorists), where the loss of money
could be large, in the billions. So we have chosen this area of network security and studied
VPN (Virtual Private Network) and the SSL (Secure Sockets Layer) protocol, the current driving topics in the
field of security. In the recent past the SSL protocol has revolutionized the area of VPN (Virtual Private
Network). SSL-based VPN products allow users to establish secure communication from
virtually any Internet-connected web browser. It is simpler and more efficient than its predecessor
(IPSec) in implementing secure remote access. Security of client-server communication is
achieved by applying the principles of security, such as authentication and encryption. These
techniques are implemented using new packages of J2SDK v1.4, such as JSSE and keytool. The rest of
the application code is developed using Java Swing.
ABBREVIATIONS

VPN     Virtual Private Network
IPsec   Internet Protocol Security
SSL     Secure Sockets Layer
GRE     Generic Routing Encapsulation
IKE     Internet Key Exchange
SA      Security Association
AAA     Authentication, Authorization, Accounting
AH      Authentication Header
ESP     Encapsulating Security Payload
CHAPTER 1

INTRODUCTION

1.1 OBJECTIVE

Communication plays a vital role in the modern world, and with the invention of the internet,
public data telecommunication has become cost effective and efficient. However, it is a
challenge to harness this inexpensive internet infrastructure while keeping
security a top priority. The costs to a business and its reputation from stolen, manipulated
or corrupted data can be devastating. Security and privacy are the major requirements for
communications over the internet. The use of a VPN enables companies or organizations to
maintain fast, secure and reliable communications wherever their offices are located, hence
making VPNs a necessity for all organizations of the modern global economy.

1.2 GENERAL BACKGROUND

The advantages associated with VPNs include the following. Extended geographic
connectivity: a VPN connects remote workers to central resources, making it easier to set
up global operations. Improved security: a connection to the internet makes a network
vulnerable to hacker attacks, and VPN solutions include firewalls and encryption measures
to counteract network security threats. A VPN allows the use of the remote access
infrastructure within ISPs, hence add unlimited amount of capacity without system. VPNs
lower costs by eliminating the need for expensive long-distance leased lines. A VPN needs
only a relatively short connection to the internet service provider (ISP). The connection
could be either a local leased line.
CHAPTER 2
LITERATURE REVIEW

VPN

Virtual – virtual means not real or in a different state of being. In a VPN, private
communication between two or more devices is achieved through a public network
(internet). The communication is therefore virtual but not physical.
Network – a network consists of two or more devices that can freely communicate with
each other. A VPN can transmit information over long distances effectively and
efficiently.
Simply put, a VPN, Virtual Private Network, is defined as a network that uses
public network paths but maintains the security and protection of private networks.

How a VPN works


When making a VPN connection, there are two connections. The first connection is
made to the Internet Service Provider. In connecting to the service provider, TCP/IP
(Transmission Control Protocol/Internet Protocol) and PPP (Point-to-Point Protocol)
are used to communicate to the ISP. The remote user is assigned an IP address by the
ISP. In normal connections, the company’s firewall does not allow PPP packets to
enter the network; thus, Internet users are not able to access a private network.
However, VPN services admit users who meet security criteria. The VPN
server disassembles the packet and transfers the packet to the destination computer
located in the private network.

Take notice of the following diagram. It represents one type of implementation of a
VPN – a Remote Access VPN.
Figure 2.2 Remote Access VPN (Gartner Consulting)

Types of VPN
VPNs can be categorized as follows:
• Site-to-site VPN
• IPsec Remote access VPN
• Clientless SSL VPNs

Site-to-site VPN

Site-to-Site VPN refers to implementations in which the network of one location is
connected to the network of another location via a VPN.
Frame Relay, ATM, and MPLS VPNs are examples of site-to-site VPNs. [5]
There are two types of site-to-site VPNs:
• Intranet-based -- Allows a company to establish a secure
connection with its remote locations.
• Extranet-based -- Allows two companies to work together via a secure
connection while preventing access to their separate intranets.

One of the features of the site-to-site VPN is that hosts do not have VPN client
software. Instead, they just send and receive normal TCP/IP traffic through a VPN
gateway. The VPN gateway is responsible for the encryption and encapsulation of
the outbound traffic. That means that there is a VPN tunnel through which
communication can be established between peers over the Internet.
Upon receipt, the peer VPN gateway strips the headers, decrypts the content, and
relays the packet toward the target host inside its private network.
Basically the site-to-site VPN extends the company's network making
communication easier. A good example here could be a company with branches
in several remote locations.
IPsec Remote Access VPN

For remote access VPN connectivity with full integration into the LAN it is
necessary to employ an IPsec VPN connection between a VPN Gateway and
a remote client. As opposed to SSL, which operates at the application layer
and is typically limited to web applications or a web portal, IPsec is a
connectionless protocol that operates at Layer-3.

With IPsec VPN it is possible to give the remote user full or custom access
to the LAN with a user experience as if the remote user were physically
connected inside the LAN. Also, it would appear to devices inside the LAN
that the remote user was physically present. In other words, full network
extension can be achieved. An IPsec VPN deployment is particularly
necessary when the remote user needs to access applications that cannot be
managed through a web portal such as an ERP or legacy software.

Although it offers more possibilities in the network, IPsec is often compared
to SSL/TLS as being more complicated with increased administrative
overhead. In addition to this drawback, another drawback to the IPsec
Remote Access VPN approach is that the VPN client software must be
installed on the remote user’s machine with administrative privileges, which
can hinder scalability in large scale deployments.

Another challenge with IPsec VPNs can be navigating through firewalls and
NAT devices that are situated between the client and the gateway. (Matei
2012) Thankfully there are tools available that can help resolve these
challenges, such as NAT Traversal. Cisco’s implementation of this option is
called Easy VPN Server and it is the one we chose to implement for this
project.
Clientless Secure Sockets Layer (SSL) VPN

By far the easiest form of VPN to implement from an end-user perspective
is the clientless Secure Sockets Layer (SSL) VPN. After a remote user opens
up their web browser and is successfully authenticated against a Cisco IOS
SSL VPN Gateway (or other SSL VPN gateway) they are able to access web
services running in their home office LAN through their browser.
Some remote services that are available via a clientless SSL VPN
connection are “web servers, shared file directories, web based email
systems, applications that run on protected servers and any other services
that can be channeled through a web page.”

It is important to note that, generally speaking, a clientless SSL VPN cannot
be considered a permanent replacement for an IPsec client VPN or site-to-site
VPN. This is because clientless SSL VPNs typically don’t support
applications such as Telnet, SNMP, ping, traceroute, FTP and IP Telephony
that can’t be run through web browsers. One solution to this problem is to
create an SSL Tunnel VPN with a web browser. These options will be
discussed in a later section.

Secure Sockets Layer (SSL) protocol


The SSL protocol was originally developed by Netscape as a way to provide
secure transmission of information between a server and the company’s
browser. This was done in part to try and strengthen the ability of e-commerce
companies to provide their online shoppers with a safe and reliable experience.

The SSL protocol is implemented at the Transport Layer and upwards in the
seven layer Open Systems Interconnection (OSI) network model. In contrast to
IPsec, the layer 3 (source and destination IP address) information is not
encrypted. The entire secure communications process between client and server
is quite complex but can be broken down into a nine-step process. This
handshake process is quite similar when using TLS.
IBM’s WebSphere online portal, which is the source of the graphic handshake
procedure representation above, also provides a short summary of the SSL
handshake procedure as follows:

1) “The SSL or TLS client sends a "client hello" message that lists
cryptographic information such as the SSL or TLS version and, in the client's
order of preference, the Cipher Suites supported by the client. The message also
contains a random byte string that is used in subsequent computations. The
protocol allows for the "client hello" to include the data compression methods
supported by the client.

2) The SSL or TLS server responds with a "server hello" message that contains
the Cipher Suite chosen by the server from the list provided by the client, the
session ID, and another random byte string. The server also sends its digital
certificate. If the server requires a digital certificate for client authentication,
the server sends a "client certificate request" that includes a list of the types of
certificates supported and the Distinguished Names of acceptable Certification
Authorities (CAs).

3) The SSL or TLS client verifies the server's digital certificate.

4) The SSL or TLS client sends the random byte string that enables both the
client and the server to compute the secret key to be used for encrypting
subsequent message data. The random byte string itself is encrypted with the
server's public key.

5) If the SSL or TLS server sent a "client certificate request", the client sends a
random byte string encrypted with the client's private key, together with the
client's digital certificate, or a "no digital certificate alert". This alert is only a
warning, but with some implementations the handshake fails if client
authentication is mandatory.

6) The SSL or TLS server verifies the client's certificate.

7) The SSL or TLS client sends the server a "finished" message, which is
encrypted with the secret key, indicating that the client part of the handshake is
complete.

8) The SSL or TLS server sends the client a "finished" message, which is
encrypted with the secret key, indicating that the server part of the handshake is
complete.

9) For the duration of the SSL or TLS session, the server and client can now
exchange messages that are symmetrically encrypted with the shared secret
key.”
Unfortunately, even the SSL protocol cannot be considered entirely secure at
this point, as its encryption mechanisms appear to have been cracked by the
National Security Agency (NSA) in the US. According to Mike Janke, the
C.E.O. of the encrypted-communications company Silent Circle, “N.S.A.
developed a massive push-button scale ability to defeat or circumvent SSL
encryption in virtually real time.”

IPsec VPN fundamentals

IPsec is an IETF standard that acts as a modular framework of open
standards that define how a VPN connection is implemented. [9] The three
main security solutions IPsec offers are data integrity, data authentication,
and data confidentiality.

Data integrity is accomplished through the use of HMAC, a standard that
uses a hash algorithm to create a hash value that is sent along with the
packet. Upon receipt, the hash algorithm is run again and compared to the
received hash value. The hash values must be identical for the packet to be
accepted. The two hash algorithms available to use in IPsec are MD5 and
SHA-1.

Data authentication is achieved through pre-shared keys, RSA signatures
(digital signatures), or RSA encrypted nonce.

Data confidentiality is attained by encrypting the data. Common encryption
algorithms that are available in IPsec are DES, 3DES, AES, and SEAL.

Triggering the VPN Connection

There are two ways that an IPsec VPN connection can be set into motion.
In a site-to-site connection, “interesting traffic” is identified through the
use of an ACL. Any traffic that is permitted by the ACL triggers the IKE
process. In a remote client connection, the user initiates the connection
manually by clicking on the connection profile in the software client.

Internet Key Exchange (IKE)

IKE is used by IPsec to negotiate and establish multiple Security Associations
(SA). The implementation is divided into two phases.

IKE Phase 1

The first SA is created during IKE Phase 1 and is essentially a control channel.
The purpose of the first phase is to establish a secure and authenticated channel
that will allow secure Phase 2 negotiations to take place. [8] It also
authenticates the peers.
It works in two modes:
• Main mode (three two-way exchanges)
• Aggressive mode
The main difference between these two is that aggressive mode will pass more
information in fewer packets, with the benefit of slightly faster connection
establishment.
During the first step of phase 1 the following parameters are negotiated as
policy sets:
• Encryption – (DES, 3DES, AES)
• Hash – (MD5, SHA-1)
• Authentication – (Pre-shared keys, RSA signatures, RSA encrypted
nonce)
• Diffie-Hellman group
• Lifetime
Once the policy set is negotiated, the second step of Phase 1 occurs when the
Diffie-Hellman protocol is run in order to establish the shared keys. These
shared keys will be retained and used in subsequent encryption algorithms and
hashes.

IKE Phase 2

The purpose of IKE Phase 2 is to negotiate and establish SAs that will protect
the IP traffic. The negotiation takes place over the control channel that is
created in Phase 1 and the newly established shared keys from Phase 1 may
also be used here. Unlike in Phase 1, the SAs in Phase 2 are unidirectional so
two must be created, one in each direction. The IPsec tunnel terminates when
the IPsec SAs are deleted, or when their lifetime expires.

IKE Versions

The IKE process as previously explained is unique to IKE version 1. There is
also now an IKE version 2 in use. It is very similar to IKE version 1 but has
improved on some of the challenges that were inherent in IKEv1, and
the process has been streamlined a bit. Some of the more notable differences in
IKEv2 are:
• Negotiation is shorter.
• It is reduced to only one phase. Child SAs are created inside this phase,
eliminating the need for a second phase.
• NAT Traversal is built in. This feature solves some of the challenges
with NAT/PAT that were mentioned earlier.

IPsec protocols
IPsec is a collection of protocols that provide encryption, authentication
and key management for ensuring the privacy of the VPN peers and the
authenticity and integrity of data as the information crosses the unsecure
network. IKE and IPsec are the two building blocks for the formation of the
IPsec tunnel. IKE is responsible for determining identities and secrets. The
IPsec tunnel is used to transport data securely. There are two
IPsec framework protocols: AH and ESP.

Authentication Header (AH)


It operates on top of IP using protocol 51. It is implemented
in VPN communication when confidentiality is not a major concern. Between VPN
peers, AH provides the IP packets with data integrity and
authentication services. It is a mechanism for verifying whether the data in
transit is misused or not. It does not offer an encryption mechanism, so all the
packets are transported in clear text, which is not secure. AH provides the
following services:
• Authentication
• Data origin integrity

Encapsulating Security Payload (ESP)


ESP, which is protocol 50, is defined in RFC 4303. It is implemented in VPN
communication when confidentiality is a major concern. Between VPN
peers, ESP provides the IP packets with data integrity,
confidentiality and authentication services. It offers an encryption service by
encrypting the IP payload. Encrypting the IP packet using ESP
hides the data content and the source and destination IP addresses. It performs
authentication for both the ESP header and the inner IP packet. ESP provides the
following services:
• Encryption
• Authentication
• Data origin integrity
• Anti-replay protection
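
The HMAC integrity check described under "IPsec VPN fundamentals" and the anti-replay service listed above, as an added example that is not part of the original report: a receiver that verifies an HMAC-SHA-1 value truncated to 96 bits and keeps a 64-packet sliding window in the manner of RFC 4303. The packet layout is simplified (SPI, sequence number, unencrypted payload, ICV), and the key, SPI and payloads are constructed sample values.

```python
import hashlib
import hmac
import struct

ICV_LEN = 12   # HMAC-SHA-1-96: the 20-byte HMAC is truncated to 96 bits
WINDOW = 64    # anti-replay window size, in packets


def build_packet(key, spi, seq, payload):
    """Sender side: SPI + sequence number + payload, followed by the ICV."""
    body = struct.pack("!II", spi, seq) + payload
    return body + hmac.new(key, body, hashlib.sha1).digest()[:ICV_LEN]


class Receiver:
    """Receive-side state for one security association (one SPI, one key)."""

    def __init__(self, key, spi):
        self.key, self.spi = key, spi
        self.top = 0       # highest sequence number authenticated so far
        self.bitmap = 0    # bit i set => sequence number (top - i) was accepted

    def _window_check(self, seq):
        """Return a drop reason, or None if seq may still be accepted."""
        if seq == 0:
            return "drop: invalid sequence"   # numbering starts at 1
        if seq > self.top:
            return None                       # newer than anything seen
        offset = self.top - seq
        if offset >= WINDOW:
            return "drop: too old"            # fell off the left edge
        if (self.bitmap >> offset) & 1:
            return "drop: replay"
        return None

    def _mark(self, seq):
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)

    def receive(self, packet):
        if len(packet) < 8 + ICV_LEN:
            return "drop: truncated"
        body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
        spi, seq = struct.unpack("!II", body[:8])
        if spi != self.spi:
            return "drop: unknown SPI"
        reason = self._window_check(seq)
        if reason:
            return reason
        expected = hmac.new(self.key, body, hashlib.sha1).digest()[:ICV_LEN]
        if not hmac.compare_digest(icv, expected):   # constant-time compare
            return "drop: bad ICV"
        # The window moves only after the ICV verified, so a forged packet
        # with a huge sequence number cannot push genuine traffic out of it.
        self._mark(seq)
        return "accept"


def demo():
    key, spi = b"constructed-sample-key", 0x1001     # constructed values
    rx = Receiver(key, spi)
    p1 = build_packet(key, spi, 1, b"hello")
    tampered = bytearray(build_packet(key, spi, 4, b"pay 10"))
    tampered[12] ^= 0x01                             # flip one payload bit
    results = [
        rx.receive(p1),
        rx.receive(build_packet(key, spi, 3, b"world")),
        rx.receive(build_packet(key, spi, 2, b"late")),   # out of order, in window
        rx.receive(p1),                                   # captured and re-sent
        rx.receive(bytes(tampered)),
        rx.receive(build_packet(b"wrong key", spi, 1000, b"x")),
        rx.receive(build_packet(key, spi, 4, b"pay 10")),
        rx.receive(build_packet(key, spi, 100, b"jump")),
        rx.receive(build_packet(key, spi, 30, b"stale")),
    ]
    return results, rx.top


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```
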

IPsec Modes of Operation


IPsec security protocols, AH and ESP, can be carried out in two different
modes of operation.
• Transport mode
• Tunnel mode

Transport mode

The transport mode gives protection in the OSI layer stack from the transport
layer and above. It protects the data payload but it does not
protect the original IP address. The original IP address is used to transport the data
through the Internet. The ESP transport mode is not with the Network Address
Translation (NAT), since communication is end-to-end or between hosts.

Tunnel mode

The tunnel mode gives protection to data and the source IP packet. This
original IP packet is encrypted and it is also encapsulated with a new IP packet.
CHAPTER 3

METHODOLOGY

The three types of remote access VPNs that can be implemented for a
medium-sized office are:
1. IPsec Site-to-site VPN
2. IPsec client VPN
3. Clientless SSL VPN

The three will be analyzed and the most suitable among the three will
be implemented for this case.

IPsec client VPN vs IPsec site-to-site VPN


The most important difference between the two is the question of mobility.
The site-to-site option is stationary whereas the remote access IPsec VPN
option allows for connectivity from anywhere with an internet connection.
The nature of site-to-site option between stationary routers makes mobility
an impossibility.
For this case we would need employees to be able to connect while
travelling hence the IPsec client VPN option is a better solution.

Clientless SSL VPN vs IPsec client VPN

An IPsec client VPN requires VPN client software to be installed at the
client’s endpoint so that it can be used to connect to the main office servers. A
clientless SSL VPN, however, uses any web browser to connect to the main
office servers.
The problem with SSL VPNs, however, is that they don’t support
applications that can’t be run through web browsers, such as ping.
Legacy software run by the company may also not be successfully adapted
to a web browser and will not function correctly when accessed through a
clientless SSL VPN setup.
Hence the most suitable implementation would be a remote access IPsec
VPN.
VPN IMPLEMENTATION

The devices needed to implement a remote access IPsec VPN
include the following:

1. A Cisco router
2. A DSL modem
3. A switch

However, at the time of doing this project the above materials could not be
obtained from the department. I also could not manage to purchase them myself
as they are expensive (i.e. a Cisco router for example goes for over Ksh. 50,000).

I therefore resorted to implementation by use of simulation using the Cisco
Packet Tracer software.
Figure 3.1 – packet tracer representation of a company network
Network diagram for the IPsec Client VPN

Figure 3.2 – network diagram

The above network shows a remote company employee connecting to the office
router using a DSL modem.
To enable the secured connection by the remote user, the company edge router
has to be configured to create the IPsec remote access VPN.
Configuration
To implement the IPsec remote access VPN in Cisco Packet Tracer, the
command line interface (CLI) was used to enter the VPN commands into the
office router.
The CLI was also used to configure the other devices in the office, such as the
switches, ISP router, etc.
The bulk of the configuration, however, was on the office router, as this is where the
VPN was configured. A basic summary of the commands used in the
configuration is provided here, each with a short explanation of
what it does.
The detailed commands used in the configuration are provided in the appendix.

aaa authentication login REMOTE local

• This command creates the aaa authentication login user

aaa authorization network REMOTE local

• This command sets up the group network login
• The AAA authentication and authorization are used with the local database.

username VPN secret bett8746

• This creates a user with username ‘VPN’ and secret password ‘bett8746’

crypto isakmp policy 10
 encryption aes 256
 hash md5
 authentication pre-share
 group 2
 lifetime 21600

• Defines the ISAKMP policy for phase 1 negotiations.
• Sets encryption to advanced encryption standard using a 256-bit key
• Also sets the integrity checking mechanism (hashing) to hash md5

crypto isakmp client configuration group REMOTE
 key CISCO
 pool MYPOOL
 exit

• Defines the crypto isakmp group policy
• It sets the pool of IP addresses that are handed out to VPN clients when they
connect

crypto ipsec transform-set MYSET esp-aes 256 esp-md5-hmac

• Configuration for the IPsec policies and transform sets used during IPsec
negotiation
• Sets encryption to aes (advanced encryption standard) with a 256-bit key
• Sets hashing to hash md5-hmac

crypto dynamic-map DYNAMAP 10
 set transform-set MYSET
 reverse-route

• Creates a dynamic map with a sequence number of 10
• The second line of the command ties it to the transform-set MYSET

crypto map CLIENT_MAP client authentication list REMOTE
crypto map CLIENT_MAP isakmp authorization list REMOTE
crypto map CLIENT_MAP client configuration address respond
crypto map CLIENT_MAP 10 ipsec-isakmp dynamic DYNAMAP

• Setting up the actual crypto map itself
• Sets client authentication list and isakmp authorization list to REMOTE
• Line 3 above is a command that will respond to the network address request
from the client
• Line 4 ties the crypto map to the dynamic map DYNAMAP

ip local pool MYPOOL 172.16.10.150 172.16.10.200

• Creates the pool MYPOOL

interface fastEthernet 0/1
 crypto map CLIENT_MAP

• This command turns on the ISAKMP

ip dhcp pool REMOTE_POOL
 network 72.44.20.0 255.255.255.240
 default-router 72.44.20.14
 dns-server 10.10.10.1

• This sets up an IP DHCP pool for the modem connection
• This will be assigning dynamic IP addresses to the remote user
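
A review check for the Phase 1 policy, client group and transform set configured above, as an added example that is not part of the original report: it parses the commands and lists the parameters that current guidance treats as weak (MD5, DES/3DES, Diffie-Hellman groups 1, 2 and 5). The weak-value lists and the 20-character minimum for the group key are this example's own policy, and the hardened variant assumes an IOS release that accepts `sha256`, `group 14` and `esp-sha256-hmac`, which Packet Tracer may not.

```python
import re

# Review policy used by this example (assumptions, not from the report).
WEAK_HASH = {"md5"}
WEAK_ENC = {"des", "3des"}
WEAK_DH = {"1", "2", "5"}
WEAK_TRANSFORMS = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}
MIN_KEY_LEN = 20

# The report's commands, re-typed with line breaks restored; lines that the
# checks below do not look at are omitted.
PAGE_CONFIG = """
crypto isakmp policy 10
 encryption aes 256
 hash md5
 authentication pre-share
 group 2
 lifetime 21600
crypto isakmp client configuration group REMOTE
 key CISCO
 pool MYPOOL
crypto ipsec transform-set MYSET esp-aes 256 esp-md5-hmac
"""

# Same structure with stronger parameters; the key is a placeholder.
HARDENED_CONFIG = """
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
 lifetime 21600
crypto isakmp client configuration group REMOTE
 key <PLACEHOLDER-LONG-RANDOM-GROUP-KEY>
 pool MYPOOL
crypto ipsec transform-set MYSET esp-aes 256 esp-sha256-hmac
"""


def sections(config):
    """Yield (top-level command, [sub-command word lists]) pairs."""
    header, body = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace():                 # indented: belongs to the header
            if header is not None:
                body.append(raw.split())
        else:
            if header is not None:
                yield header, body
            header, body = raw.strip(), []
    if header is not None:
        yield header, body


def audit(config):
    """Return findings for explicitly configured weak values.

    Platform defaults for parameters that are not configured are not modelled.
    """
    findings = []
    for header, body in sections(config):
        m = re.match(r"crypto isakmp policy (\d+)$", header, re.I)
        if m:
            for words in body:
                kw = words[0].lower()
                arg = words[1].lower() if len(words) > 1 else ""
                if ((kw == "hash" and arg in WEAK_HASH)
                        or (kw.startswith("encr") and arg in WEAK_ENC)
                        or (kw == "group" and arg in WEAK_DH)):
                    findings.append(f"isakmp policy {m.group(1)}: {kw} {arg}")
            continue
        m = re.match(r"crypto isakmp client configuration group (\S+)$",
                     header, re.I)
        if m:
            for words in body:
                # The key itself is never echoed into the finding.
                if (words[0].lower() == "key" and len(words) > 1
                        and len(words[-1]) < MIN_KEY_LEN):
                    findings.append(f"client group {m.group(1)}: "
                                    f"key shorter than {MIN_KEY_LEN} characters")
            continue
        m = re.match(r"crypto ipsec transform-set (\S+)\s+(.+)$", header, re.I)
        if m:
            for transform in m.group(2).lower().split():
                if transform in WEAK_TRANSFORMS:
                    findings.append(f"transform-set {m.group(1)}: {transform}")
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print(finding)
```
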
CHAPTER 4

RESULTS AND ANALYSIS

Testing the Remote Access VPN functionality


Verification and testing of the IPsec Remote Access VPN connection was
achieved through the following:
• Using the VPN client software on Cisco Packet Tracer
• Using the commands ‘show crypto isakmp sa’ and ‘show crypto ipsec
sa’, which are entered into Packet Tracer’s CLI (command line
interface)
CHAPTER 5
CONCLUSION

Virtual Private Networks are a vital part of remote user communications
across the internet due to the risks that exist when sending private information
over a public internet. With the increase in online theft and hijacking of
sensitive data by anonymous hackers, VPNs prove to be an effective means of
securing a business’s data and therefore safeguarding its reputation.

Apart from the above benefit, VPNs are also of
much help to businesses. VPNs have advantages such as cost savings,
extended geographical connectivity and scalability, which are all of great
importance to efficiency in running businesses.

When choosing a particular type of VPN for a business it is important to
consider the suitability of the VPN for that business as well as the costs to be
incurred in implementation. The different types of VPNs are each suited to
different types of businesses, i.e. small-sized, medium-sized
or large businesses. For our case it was a medium-sized business.

The objectives and goals of the project were thus achieved. However, the
following recommendations would be of great importance for future purposes.

• Procurement of advanced Cisco routers in the department to enable
actual real-life implementation of the VPNs
• The department should partner with the Cisco academy so that the
students can get acquainted with VPN technology.
CHAPTER 6
APPENDIX

6.1 SOURCE CODE


package com.it.projectvpn.activity;

import android.content.ActivityNotFoundException;
import android.content.Intent;
import android.content.res.Configuration;
import android.graphics.Color;
import android.graphics.drawable.BitmapDrawable;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.support.design.widget.NavigationView;
import android.support.v4.view.GravityCompat;
import android.support.v4.widget.DrawerLayout;
import android.support.v7.app.ActionBarDrawerToggle;
import android.support.v7.widget.CardView;
import android.support.v7.widget.Toolbar;
import android.text.TextUtils;
import android.view.Gravity;
import android.view.LayoutInflater;
import android.view.MenuItem;
import android.view.View;
import android.view.animation.AccelerateInterpolator;
import android.widget.AdapterView;
import android.widget.ArrayAdapter;
import android.widget.Button;
import android.widget.ListView;
import android.widget.PopupWindow;
import android.widget.RelativeLayout;
import android.widget.TextView;
import android.widget.Toast;

import com.it.projectvpn.BuildConfig;
import com.it.projectvpn.R;
import com.it.projectvpn.model.Server;
import com.it.projectvpn.util.PropertiesService;
import com.afollestad.materialdialogs.MaterialDialog;
import com.google.android.gms.ads.MobileAds;
import com.hookedonplay.decoviewlib.DecoView;
import com.hookedonplay.decoviewlib.charts.SeriesItem;
import com.hookedonplay.decoviewlib.events.DecoEvent;
import com.tapadoo.alerter.Alerter;

import java.util.ArrayList;
import java.util.List;
import java.util.Random;

public class MainActivity extends BaseActivity implements


NavigationView.OnNavigationItemSelectedListener {

DecoView arcView, arcView2;


public static final String EXTRA_COUNTRY = "country";
private PopupWindow popupWindow;
private RelativeLayout homeContextRL;
TextView centree;
private List<Server> countryList;

CardView mCardViewShare;
Intent i;

@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
// MobileAds.initialize(this, String.valueOf(R.string.admob_app_id));
homeContextRL = (RelativeLayout) findViewById(R.id.homeContextRL);
countryList = dbHelper.getUniqueCountries();

Toolbar toolbar = initToolbar();


initDrawer(toolbar);
initNavigationView();
/* AdView mAdMobAdView = (AdView) findViewById(R.id.admob_adview);
AdRequest adRequest = new AdRequest.Builder()
.build();
//mAdMobAdView.loadAd(adRequest);
mAdMobAdView.setAdListener(new AdListener() {
@Override
public void onAdLoaded() {
}

@Override
public void onAdFailedToLoad(int errorCode) {
//AdRequest adRequest = new AdRequest.Builder().build();
//mAdMobAdView.loadAd(adRequest);
}

@Override
public void onAdOpened() {
}

@Override
public void onAdLeftApplication() {
//AdRequest adRequest = new AdRequest.Builder().build();
//mAdMobAdView.loadAd(adRequest);
}

@Override
public void onAdClosed() {
}
});*/

/* final InterstitialAd mInterstitial = new InterstitialAd(this);


mInterstitial.setAdUnitId(getString(R.string.interstitial_ad_unit));
mInterstitial.loadAd(new AdRequest.Builder().build());
mInterstitial.setAdListener(new AdListener() {
@Override
public void onAdLoaded() {
// TODO Auto-generated method stub
super.onAdLoaded();
if (mInterstitial.isLoaded()) {
mInterstitial.show();
}
}
});*/

if (BaseActivity.connectedServer == null) {
Button hello = (Button) findViewById(R.id.elapse2);
hello.setText("Not Connected");
hello.setBackgroundResource(R.drawable.button2);
}
else {
Button hello = (Button) findViewById(R.id.elapse2);
hello.setText("Connected");
hello.setBackgroundResource(R.drawable.button3);
}

centree = (TextView) findViewById(R.id.centree);


arcView = (DecoView) findViewById(R.id.dynamicArcView2);
arcView2 = (DecoView) findViewById(R.id.dynamicArcView3);

long totalServ = dbHelper.getCount();

String totalServers =
String.format(getResources().getString(R.string.total_servers), totalServ);
centree.setText(totalServers);

arcView2.setVisibility(View.VISIBLE);
arcView.setVisibility(View.GONE);
arcView.addSeries(new SeriesItem.Builder(Color.argb(255, 218, 218, 218))
.setRange(0, 100, 0)
.setInterpolator(new AccelerateInterpolator())
.build());

SeriesItem seriesItem1 = new SeriesItem.Builder(Color.parseColor("#00000000"))
.setRange(0, 100, 0)
.setLineWidth(32f)
.build();

SeriesItem seriesItem2 = new SeriesItem.Builder(Color.parseColor("#ffffff"))
.setRange(0, 100, 0)
.setLineWidth(32f)
.build();

int series1Index2 = arcView.addSeries(seriesItem2);


Random ran2 = new Random();
int proc = ran2.nextInt(10) + 5;
arcView.addEvent(new
DecoEvent.Builder(DecoEvent.EventType.EVENT_SHOW, true)
.setDelay(0)
.setDuration(600)
.build());

arcView.addEvent(new DecoEvent.Builder(proc)
.setIndex(series1Index2)
.setDelay(2000)
.setListener(new DecoEvent.ExecuteEventListener() {
@Override
public void onEventStart(DecoEvent decoEvent) {
// Nothing to do when the animation starts.
}

@Override
public void onEventEnd(DecoEvent decoEvent) {
// Refresh the server count shown in the centre of the arc.
long totalServ = dbHelper.getCount();
String totalServers =
String.format(getResources().getString(R.string.total_servers), totalServ);
centree.setText(totalServers);
}
}).build());

mCardViewShare = (CardView) findViewById(R.id.CardViewShare);

mCardViewShare.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
// TODO Auto-generated method stub
i = new Intent();
i.setAction(Intent.ACTION_SEND);
i.setType("text/plain");
final String text = "Check out "
+ getResources().getString(R.string.app_name)
+ ", the free app for vpn and proxy with "
+ getResources().getString(R.string.app_name)
+ ". https://play.google.com/store/apps/details?id="
+ getPackageName();
i.putExtra(Intent.EXTRA_TEXT, text);
Intent sender = Intent.createChooser(i, "Share " +
getResources().getString(R.string.app_name));
startActivity(sender);
}
});

CardView button1 = (CardView) findViewById(R.id.homeBtnRandomConnection);
button1.setOnClickListener(new View.OnClickListener() {

public void onClick(View v) {

sendTouchButton("homeBtnRandomConnection");
Server randomServer = getRandomServer();
if (randomServer != null) {
newConnecting(randomServer, true, true);
} else {
String randomError =
String.format(getResources().getString(R.string.error_random_country),
PropertiesService.getSelectedCountry());
Toast.makeText(MainActivity.this, randomError,
Toast.LENGTH_LONG).show();
}

}
});

CardView button2 = (CardView) findViewById(R.id.homeBtnChooseCountry);


button2.setOnClickListener(new View.OnClickListener() {

public void onClick(View v) {


sendTouchButton("homeBtnChooseCountry");
chooseCountry();

}
});

CardView button = (CardView) findViewById(R.id.button);


button.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
Alerter.create(MainActivity.this)
.setTitle("Rate Us")
.setIcon(R.drawable.ic_rate_border_white_24dp)
.setText("Help us to reach via ratings...")
.setDuration(10000)
.setBackgroundColorRes(R.color.progress) // or setBackgroundColorInt(Color.CYAN)
.show();
new Handler().postDelayed(() -> startActivity(new
Intent(Intent.ACTION_VIEW, Uri.parse("market://details?id=" +
getApplicationContext().getPackageName()))),3000);

}
});
}

@Override
protected void onResume() {
super.onResume();
if (BaseActivity.connectedServer == null) {
Button hello = (Button) findViewById(R.id.elapse2);
hello.setText("Not Connected");
}
else {
Button hello = (Button) findViewById(R.id.elapse2);
hello.setText("Connected");
hello.setBackgroundResource(R.drawable.button3);
}
invalidateOptionsMenu();
}

@Override
protected void onDestroy() {

super.onDestroy();
}

@Override
protected boolean useHomeButton() {
return true;
}

public void homeOnClick(View view) {


switch (view.getId()) {
case R.id.homeBtnChooseCountry:
sendTouchButton("homeBtnChooseCountry");
chooseCountry();
break;
case R.id.homeBtnRandomConnection:
sendTouchButton("homeBtnRandomConnection");
Server randomServer = getRandomServer();
if (randomServer != null) {
newConnecting(randomServer, true, true);
} else {
String randomError =
String.format(getResources().getString(R.string.error_random_country),
PropertiesService.getSelectedCountry());
Toast.makeText(this, randomError, Toast.LENGTH_LONG).show();
}
break;
}
}

private void chooseCountry() {


View view = initPopUp(R.layout.choose_country, 0.6f, 0.8f, 0.8f, 0.7f);

final List<String> countryListName = new ArrayList<String>();


for (Server server : countryList) {
String localeCountryName = localeCountries.get(server.getCountryShort())
!= null ?
localeCountries.get(server.getCountryShort()) :
server.getCountryLong();
countryListName.add(localeCountryName);
}

ListView lvCountry = (ListView) view.findViewById(R.id.homeCountryList);


ArrayAdapter<String> adapter = new ArrayAdapter<String>(this,
android.R.layout.simple_list_item_1, countryListName);

lvCountry.setAdapter(adapter);
lvCountry.setOnItemClickListener(new AdapterView.OnItemClickListener() {
@Override
public void onItemClick(AdapterView<?> parent, View view, int position,
long id) {
popupWindow.dismiss();
onSelectCountry(countryList.get(position));
}
});

popupWindow.showAtLocation(homeContextRL, Gravity.CENTER,0, 0);


}

private View initPopUp(int resourse,
float landPercentW,
float landPercentH,
float portraitPercentW,
float portraitPercentH) {

LayoutInflater inflater = (LayoutInflater)
getApplicationContext().getSystemService(LAYOUT_INFLATER_SERVICE);
View view = inflater.inflate(resourse, null);

if (getResources().getConfiguration().orientation ==
Configuration.ORIENTATION_LANDSCAPE) {
popupWindow = new PopupWindow(
view,
(int)(widthWindow * landPercentW),
(int)(heightWindow * landPercentH)
);
} else {
popupWindow = new PopupWindow(
view,
(int)(widthWindow * portraitPercentW),
(int)(heightWindow * portraitPercentH)
);
}

popupWindow.setOutsideTouchable(false);
popupWindow.setFocusable(true);
popupWindow.setBackgroundDrawable(new BitmapDrawable());

return view;
}

private void onSelectCountry(Server server) {


Intent intent = new Intent(getApplicationContext(), VPNListActivity.class);
intent.putExtra(EXTRA_COUNTRY, server.getCountryShort());
startActivity(intent);
}

public static String getDeviceName() {


String manufacturer = Build.MANUFACTURER;
String model = Build.MODEL;
if (model.startsWith(manufacturer)) {
return capitalize(model);
}
return capitalize(manufacturer) + " " + model;
}

private static String capitalize(String str) {


if (TextUtils.isEmpty(str)) {
return str;
}
char[] arr = str.toCharArray();
boolean capitalizeNext = true;
String phrase = "";
for (char c : arr) {
if (capitalizeNext && Character.isLetter(c)) {
phrase += Character.toUpperCase(c);
capitalizeNext = false;
continue;
} else if (Character.isWhitespace(c)) {
capitalizeNext = true;
}
phrase += c;
}
return phrase;
}

private void initNavigationView(){


NavigationView navigationView = (NavigationView)
findViewById(R.id.nav_view);
navigationView.setNavigationItemSelectedListener(this);
navigationView.setItemIconTintList(null);
}
@SuppressWarnings("StatementWithEmptyBody")
@Override
public boolean onNavigationItemSelected(MenuItem item) {

int id = item.getItemId();

if (id == R.id.nav_speedtest) {
startActivity(new Intent(this, SpeedTestActivity.class));

} else if (id == R.id.nav_home){


startActivity(new Intent(this, MainActivity.class));
} else if (id == R.id.nav_vpnlist){
}
else if (id == R.id.nav_share) {
Intent sharingIntent = new Intent(android.content.Intent.ACTION_SEND);
sharingIntent.setType("text/plain");
String shareBody = "Best Free Vpn app download now. "
+ "https://play.google.com/store/apps/details?id="
+ getApplicationContext().getPackageName();
sharingIntent.putExtra(android.content.Intent.EXTRA_SUBJECT, "Share App");
sharingIntent.putExtra(android.content.Intent.EXTRA_TEXT, shareBody);
startActivity(Intent.createChooser(sharingIntent, "Share via"));
}else if (id == R.id.rate_us) {
startActivity(new Intent(Intent.ACTION_VIEW,
Uri.parse("market://details?id=" + getApplicationContext().getPackageName())));
}
else if (id == R.id.about_me) {
aboutMyApp();
}
else if (id == R.id.privacypolicy) {
startActivity(new Intent(MainActivity.this, TOSActivity.class));
}
else if (id == R.id.moreapp) {
Uri uri = Uri.parse("market://search?q=pub:" + "IT-B");


Intent goToMarket = new Intent(Intent.ACTION_VIEW, uri);
try {
startActivity(goToMarket);
} catch (ActivityNotFoundException e) {
startActivity(new Intent(Intent.ACTION_VIEW,
Uri.parse("http://play.google.com/store/search?q=pub:" + "IT-B")));
}
}

DrawerLayout drawer = (DrawerLayout) findViewById(R.id.drawer_layout);


drawer.closeDrawer(GravityCompat.START);
return true;
}

private void aboutMyApp() {


MaterialDialog.Builder bulder = new MaterialDialog.Builder(this)
.title(R.string.app_name)
.customView(R.layout.about, true)
.backgroundColor(getResources().getColor(R.color.colorPrimaryDark))
.titleColorRes(android.R.color.white)
.positiveText("MORE APPS")
.positiveColor(getResources().getColor(android.R.color.white))
.icon(getResources().getDrawable(R.mipmap.ic_launcher))
.limitIconToDefaultSize()
.onPositive((dialog, which) -> {
Uri uri = Uri.parse("market://search?q=pub:" + "IT-B");
Intent goToMarket = new Intent(Intent.ACTION_VIEW, uri);
try {
startActivity(goToMarket);
} catch (ActivityNotFoundException e) {
startActivity(new Intent(Intent.ACTION_VIEW,
Uri.parse("http://play.google.com/store/search?q=pub:" + "IT-B")));
}
});

MaterialDialog materialDialog = bulder.build();

TextView versionCode = (TextView)
materialDialog.findViewById(R.id.version_code);
TextView versionName = (TextView)
materialDialog.findViewById(R.id.version_name);
versionCode.setText(String.valueOf("Version Code : " +
BuildConfig.VERSION_CODE));
versionName.setText(String.valueOf("Version Name : " +
BuildConfig.VERSION_NAME));

materialDialog.show();
}

private void initDrawer(Toolbar toolbar) {


final DrawerLayout drawer = (DrawerLayout)
findViewById(R.id.drawer_layout);
ActionBarDrawerToggle toggle = new ActionBarDrawerToggle(
this, drawer, toolbar, R.string.navigation_drawer_open,
R.string.navigation_drawer_close);
drawer.addDrawerListener(toggle);
drawer.addDrawerListener(new DrawerLayout.SimpleDrawerListener() {
@Override
public void onDrawerClosed(View drawerView) {
}

@Override
public void onDrawerOpened(View drawerView) {
}
});
toggle.syncState();
}

private Toolbar initToolbar() {


Toolbar toolbar = (Toolbar) findViewById(R.id.toolbarr);
setSupportActionBar(toolbar);
return toolbar;
}

}

Screenshots

Fig Welcome page

Fig Country servers list

Fig Speedometer

Fig Country Name